Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Application role

Re: Application role

From: Billy Verreynne <vslabs_at_onwe.co.za>
Date: Wed, 06 Nov 2002 15:09:00 +0200
Message-ID: <aqb4bi$10o$2@ctb-nnrp2.saix.net> 





Franky wrote:



> In Sql Server an application role can be created so that users cannot

> connect to the database if they don't use the program.

> In that program you first connect to the database and the exec a stored

> procedure using a password. Then you can select, delete, update the

> records in the database. If you use another tool (MsAccess, Query

> analyzer, ...) you cannot select, delete and update the records.




This is a nice feature to have, but IMO is in no way one that can truly 
enforce security... Is is very easy to change an application and its module 
name to bypass this database restriction - or to spoof it with a few lines 
of custom code.



--
Billy


Received on Wed Nov 06 2002 - 07:09:00 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US